package cn.im.filter;

import cn.im.wrapper.XssRequestWrapper;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

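/**
 * XSS filter: hands every non-static request to the rest of the chain wrapped in
 * {@link XssRequestWrapper}.
 *
 * <p>The sanitising itself lives in {@code XssRequestWrapper}, which is not shown in this file;
 * this class only decides which requests get wrapped. According to the original author's note
 * the filter is registered for {@code urlPatterns="/*"} (all requests); the registration is
 * not visible here, so confirm it in the deployment descriptor or annotation config.
 */
public class XssFilter implements Filter {

    /**
     * Static-resource suffixes whose requests are passed through without the XSS wrapper.
     * Matching is case-sensitive and done against the end of the servlet path only.
     */
    private static final String[] EXCLUDED_SUFFIXES = {".js", ".gif", ".jpg", ".png", ".css", ".ico"};

    /**
     * Wraps the request in {@link XssRequestWrapper} unless its servlet path ends with one of
     * the excluded static-resource suffixes, then continues the filter chain.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the response, passed through untouched
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        if (isStaticResource(req.getServletPath())) {
            chain.doFilter(request, response);
            return;
        }
        chain.doFilter(new XssRequestWrapper(req), response);
    }

    /**
     * Reports whether the servlet path names an excluded static resource.
     *
     * <p>The check is a suffix match, not a substring match. A substring test for ".js" also
     * matches paths such as "/login.jsp" or "/data.json", which would let dynamic endpoints skip
     * the wrapper entirely. A missing path is treated as non-static so the request is still
     * wrapped (fail closed).
     *
     * <p>NOTE(review): only the servlet path is inspected. If any dynamic handler is mapped to a
     * path that itself ends in one of these suffixes, it will receive the unwrapped request;
     * verify against the application's servlet mappings.
     */
    private static boolean isStaticResource(String servletPath) {
        if (servletPath == null) {
            return false;
        }
        for (String suffix : EXCLUDED_SUFFIXES) {
            if (servletPath.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }
}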
